W3C VC · FIDO2 · ISO 24745 · DPV CONSENT

Your Identity. Not an App. One vault. Every credential.

Sovio Wallet is the personal identity vault that replaces documents, OTPs, PDFs and repeated KYC forever. Holder layer in the Sovio Digital Trust ecosystem — device-bound, offline-capable, biometric by design.

wallet.sovio.id / vault
v3.0
Active credential · Sovio Wallet · live
WALLET · KYC CREDENTIAL · vc-aa72c1d3
issuer: did:web:pramaan.sovio.id
bound to: Secure Enclave
Consent receipt: W3C DPV · signed · sig:z6Mk…wallet · non-repudiable
One vault. Every identity primitive. Open standards end to end.

Credentials, passkeys, consent receipts and biometric references — held device-bound on the holder's terms. No proprietary lock-in.

W3C Verifiable Credentials | FIDO2 · WebAuthn Passkeys | ISO/IEC 24745 · BioRef | W3C DPV · Consent Semantics | OpenID4VP · Presentation | DIDComm Messaging | Secure Enclave · Device-Bound Keys | SD-JWT · Selective Disclosure | CREDEBL · LF Decentralized Trust

01 · The problem

Identity is everywhere — and yours nowhere.

01
The repetition tax
OTP · the dominant identity protocol — in 2026

Every digital interaction demands identity proofing — again.

Upload a document. Wait for verification. Receive an OTP. Fill a form. Repeat at the next institution. Users are trapped in a cycle of document uploads, OTP fatigue and repeated KYC — while organisations bear the cost of redundant verification pipelines.

02
Identity scattered across apps
0 · holder-owned vaults across most ecosystems

Documents, PDFs and per-institution apps are not identity.

Your KYC sits in one bank's portal. Your driving licence in a separate app. Health records on paper. Education on PDFs. There is no holder layer — no single vault you control where credentials, keys, biometrics and consent live together, device-bound.

How the Wallet Works

Identity is verified once via Sovio Pramaan

First-time KYC happens through Pramaan — Aadhaar, document OCR, face match and liveness. The resulting Verifiable Credential is signed by the trusted issuer.

One verification. Reusable forever.

03 · Role in the Sovio ecosystem

The only component touching both issuer and verifier sides.

The wallet is the holder layer — the bridge between issuance and verification across the entire trust lifecycle.

ISSUER
Bank · Government · Enterprise

Verifies identity via Pramaan and issues a Verifiable Credential into the wallet.

SOVIO WALLET
The central trust hub

Holder stores, manages and presents VCs, passkeys and consent receipts.

VERIFIER
Bank · NBFC · Portal · Airport

Verifies the VC presentation via Sovio Verify, Auth or Consent.

04 · End-to-end flow

Onboarding — replaced with a twenty-second tap.

  1. 00:00
    User opens any Sovio-integrated portal
    Bank, NBFC or government service — the verifier presents an OpenID4VP request.
  2. 00:02
    Wallet receives the request
    Sovio Wallet shows exactly which attributes are being asked for, and by whom.
  3. 00:05
    Biometric unlock
    Holder approves with Face ID, fingerprint or passkey. Private keys never leave the Secure Enclave.
  4. 00:08
    Selective disclosure
    Wallet presents only the requested attributes via SD-JWT — "adult" without a birth date.
  5. 00:12
    Signed consent receipt
    A W3C DPV consent receipt is generated, signed by the wallet, and stored locally.
  6. 00:16
    Verifier validates the proof
    Signature, issuer DID and revocation status checked via Sovio Verify — sub-second.
  7. 00:20
    KYC complete
    No upload. No OTP. No form. The wallet replaced the entire onboarding flow.
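
The selective-disclosure and verification steps of this flow, shown as an added example that is not Sovio's code: it follows the SD-JWT disclosure scheme (a salted disclosure per claim, with only its SHA-256 digest listed in `_sd`). It assumes the issuer's signature over the payload and the holder's key binding are checked separately; the claim names and values are constructed.

```python
import base64, hashlib, json, secrets

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def make_disclosure(name: str, value) -> str:
    """Disclosure = base64url(JSON [salt, claim name, claim value])."""
    salt = b64url(secrets.token_bytes(16))
    return b64url(json.dumps([salt, name, value]).encode("utf-8"))

def digest(disclosure: str) -> str:
    """SHA-256 over the disclosure string, base64url without padding."""
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())

def issue(claims: dict, issuer: str):
    """Issuer: the payload to be signed lists digests only, never values."""
    disclosures = {n: make_disclosure(n, v) for n, v in claims.items()}
    payload = {"iss": issuer, "_sd_alg": "sha-256",
               "_sd": sorted(digest(d) for d in disclosures.values())}
    return payload, disclosures

def present(disclosures: dict, requested: list) -> list:
    """Holder: release only the disclosures the verifier asked for."""
    return [disclosures[name] for name in requested]

def verify(payload: dict, presented: list) -> dict:
    """Verifier: accept a claim only if its digest is in the payload."""
    revealed = {}
    for d in presented:
        if digest(d) not in payload["_sd"]:
            raise ValueError("disclosure matches no digest in the credential")
        padded = d + "=" * (-len(d) % 4)
        _salt, name, value = json.loads(base64.urlsafe_b64decode(padded))
        revealed[name] = value
    return revealed

# Constructed sample claims; the issuer DID is the one shown on this page.
PAYLOAD, DISCLOSURES = issue(
    {"age_over_18": True, "birthdate": "1990-04-12", "resident": True},
    "did:web:pramaan.sovio.id")

if __name__ == "__main__":
    shown = present(DISCLOSURES, ["age_over_18"])
    print(verify(PAYLOAD, shown))
    print(len(PAYLOAD["_sd"]), "digests in payload,", len(shown), "disclosed")
```

The verifier learns `age_over_18` and sees two further opaque digests; because each disclosure carries a random salt, those digests cannot be matched against guessed birth dates.
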
05 · Why the wallet works at scale

Six guarantees. Not policy — properties.

  1. Credentials, keys, passkeys and consent live in one device-bound vault.
  2. Private keys never leave the Secure Enclave — never extracted, never uploaded.
  3. Every share is approved with biometrics — and recorded as a signed consent receipt.
  4. Selective disclosure via SD-JWT — reveal what's needed, nothing more.
  5. Offline-capable — present credentials and authenticate without connectivity.
  6. Open standards end to end: W3C VC, FIDO2, ISO 24745 BioRef, DPV consent.
06 · Standards & protocols

Built on W3C, FIDO Alliance, IETF and ISO — end to end.

| Framework | Title | How the Wallet applies it |
| --- | --- | --- |
| W3C VCs | Verifiable Credentials & Presentations | KYC, Aadhaar, employment, health, education and travel credentials held as W3C VCs — device-bound, not on a server. |
| FIDO2 · WebAuthn | Device-bound passkeys | The wallet is the FIDO authenticator across every app and portal in the Sovio ecosystem. |
| W3C DPV | Data Privacy Vocabulary | Every data share is authorised with a cryptographic consent receipt — immutable and auditable. |
| ISO/IEC 24745 | Biometric Information Protection | BioRef capture: liveness-verified face template, non-reversible reference — no raw biometric images leave the device. |
| SD-JWT | Selective Disclosure JWT | Reveal only the requested attributes — "adult" without a birth date, "resident" without an address. |
| OpenID4VP · DIDComm | Wallet-to-verifier flows | Standard presentation protocols — works with any compliant verifier, no custom integrations. |
| CREDEBL | LF Decentralized Trust | Built on the open-source CREDEBL platform — no proprietary lock-in. |

The wallet is not a passive container — it is an active participant in every trust transaction.

08 · Technical depth

For architects, security engineers and mobile leads.

wallet · vault.json · Secure Enclave
{
  "did":   "did:key:z6MkpTHR8VNsBxYAAWHut2Geadd9...",
  "binding": "secure-enclave://aaguid-2fc0...",
  "credentials": [
    { "type": ["VerifiableCredential","KYCCredential"],
      "issuer": "did:web:pramaan.sovio.id",
      "format": "vc+sd-jwt" }
  ],
  "passkeys":  [{ "rpId": "sovio.id", "transports": ["internal"] }],
  "consents":  [{ "purpose": "kyc-reuse", "sig": "z58D...recpt" }],
  "bioref":    { "iso": "24745", "template": "non-reversible" }
}
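// present · POST /wallet/present
function present(req) {
  const request = openid4vp.parse(req);
  const biometric_ok = bioref.verify_live();
  // Stop before any signing: no live biometric, no presentation and no receipt.
  if (!biometric_ok) throw new Error("biometric check failed");
  const vp = vault.sign(request, secure_enclave);   // signed with the enclave-held key
  const receipt = consent.sign(vp, "W3C-DPV");      // consent receipt over the presentation
  return { vp, receipt };                           // EMIT vp + receipt
}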
Unlock: < 1 s (biometric · device-bound)
Formats: VC · SD-JWT · mDL (one holder pipeline)
Passkey: FIDO2 · WebAuthn (phishing-resistant)
Wallet: iOS · Android · Web (white-label SDK)

device-bound by design

Private keys are generated inside — and never leave — the device's Secure Enclave. The wallet is bound to the device. The holder is bound to the wallet. The trust is bound to the holder.

Selective disclosure · Cryptographic consent · Offline-capable · Device-bound keys · Biometric unlock · Interoperable by spec
HOLD · AUTHENTICATE · CONSENT

See Sovio Wallet in your ecosystem.

Schedule a personalised demo to see the holder vault — credentials, passkeys, consent and biometrics — running end to end in your environment.